SSH

SSH, or Secure SHell, is a secure alternative to telnet. SSH can be used to securely copy files and to access CVS or SVN, cron jobs and other DreamHost services via the standard Unix command line, also known as the shell. All SSH traffic travels over a secured connection rather than in plain text as in telnet. It is strongly recommended that you use SSH rather than telnet.

Note: Before being able to log into SSH, one must enable SSH on that account. It's a fairly easy process that's detailed in the Enabling Shell Access article. After enabling, your SSH login will be: ssh username@server.dreamhost.com

DreamHost SSH Server Software

DreamHost uses OpenSSH software on the server end. It offers some great features for managing user rights and access, as described in this sample chapter of O'Reilly's guide to SSH.

SSH Client Software

Windows is the only commonly-used operating system that does not include a native SSH client. Windows users need to download SSH software separately (see below). Mac OS X and UNIX/Linux users can run the SSH client from any terminal application. To do this, open your terminal, enter ssh in the command line and hit enter.

Mac OS X

Mac OS X users can find Terminal at /Applications/Utilities/Terminal.app. Once in a terminal session, follow the instructions under Unix/Linux to initiate a secure shell.

Unix/Linux

Most distributions of UNIX/Linux come with the OpenSSH package. Any terminal application (xterm, Konsole, etc.) can be used to initiate a secure shell:

ssh username@yourdomain.com

Windows

Every Windows SSH client has its own way of being installed and launched, different from the Unix ssh command, but once you've set it up, there is no difference in further operations. However, each client is suited to specific (or general) needs; you might like to try them all to see what suits your fancy. Take your pick:

Commercial: CWRSYNC is a packaging of rsync and the ssh client with the required Cygwin libraries for Windows. It runs on all versions of Windows. Very easy to set up & doesn't need a full Cygwin setup.

This seems to be a Linux anomaly more than anything else (in bash, xterm, and vt100), but the workaround is as follows (note that PuTTY isn't affected, but SecureCRT, F-Secure, and SSH, etc. are):

1. Once installed, configure your settings as you like, then locate the key mapping feature of your client.

2. Map your delete, home, and end keys as strings, using the following values (no quotes):

Delete: \033[3~

Home: \033[1~

End: \033[4~

Keep in mind that this is universal for all sites through that particular client - remote access or using another client won't be affected. However, for remote access, use something like PuTTY and your worries are gone.

Another method you can use to get your SSH terminal behaving as you want it to is to create a .inputrc file in your home folder (e.g. "cd ~" will take you to your home folder). The .inputrc can hold definitions of standard key mappings. I use the following in mine to enable functionality for the home, end, page up, page down, del, and other keys:

Java

Mindterm from Appgate is a Java-based SSH client that can be embedded into your site. This will enable you to have shell access to any SSH host from any PC with a Java-capable web browser. Mindterm is free for personal use and can be downloaded from here.

iPhone

A powerful, free, SSH application is available on the App Store called TouchTerm. For users that need more, a paid version of the same application is available, called TouchTerm Pro. You can read more about this client on the developer's website.

Android

ConnectBot is an SSH application available for free on the Android Market. You can use it to access SSH, Telnet, and local protocols. It should probably work for FTP as well.

If you use ConnectBot, it is highly recommended that your device have a keyboard and a trackball. The T-Mobile G1 is ideal, but the Motorola Droid is perfect for this application since it has a control pad instead of a trackball.

There are a few things you may want to remember when inputting data on ConnectBot.

To input some keys, you need to use the following commands.

Key: Command

CTRL: Press the track ball once. The cursor will indicate this state with a < symbol. Follow up this command with the key you plan on using with the CTRL character.

ESC: Press the track ball twice.

SHIFT: Press the Shift key. The triangle outline will appear on the top part of the cursor indicating it has been pressed.

CAPS LOCK (a.k.a. Shift Lock): Press the Shift key twice. The solid triangle will appear on the top part of the cursor indicating it has been pressed. Pressing Shift again disables it.

ALT: Press the Alt key. The triangle outline will appear on the bottom part of the cursor indicating it has been pressed.

ALT LOCK: Press the Alt key twice. The solid triangle will appear on the bottom part of the cursor indicating it has been pressed. Pressing Alt again disables it.

TAB: CTRL+I

Function keys (F1 through F10): Hold down the shift key and press numbers 1 through 0 to send F1 through F10 respectively.

Page Up and Page Down: Using screen gestures, swipe up and down on the screen respectively.

Arrow Keys: Move the trackball in the proper direction or press the appropriate directional key on the control pad.

Backslash (\): SHIFT+ALT+/

Backtick/Accent Mark (`): SHIFT+ALT+1 if you put it over a character. SHIFT+ALT+L for the character itself.

Square Brackets ([ ]): SHIFT+ALT+O and SHIFT+ALT+P, respectively.

Curly Braces ({ }): SHIFT+ALT+H and SHIFT+ALT+J, respectively.

Vertical Pipe (|): SHIFT+ALT+, (comma)

Tilde (~): SHIFT+ALT+N if you put it over a character. SHIFT+ALT+K for the character

The best way to find out where the other characters are is to experiment with the SHIFT+ALT command. YMMV.

Passwordless Login

Unix, Linux, Mac OS X, and Cygwin

Users can set up SSH so that they have passwordless ssh access to DreamHost servers. (Please read 'Single Password Logon' for security concerns.)

On your home computer, you must generate an RSA (or DSA) key pair using ssh-keygen (unless you already have one):

ssh-keygen -t rsa

It will prompt you for three things; hit enter to accept the default on all three.

Next, you must copy your public key to DreamHost's server; the easiest way is to use ssh-copy-id. Replace user and example.com with your username and domain name, respectively.

ssh-copy-id -i ~/.ssh/id_rsa.pub user@example.com

You will then be prompted for your SSH password. This will copy your key to user@example.com:~/.ssh/authorized_keys automatically.

Note: Mac OS X does not support ssh-copy-id. If your home computer does not support ssh-copy-id, then the following will do the same thing by hand.

By hand

Copy the public key generated using ssh-keygen (see above) to the server:

scp ~/.ssh/id_rsa.pub user@example.com:~/

SSH to the machine you wish to connect to.

ssh user@example.com

Now append the public key to your authorized keys file and delete the file you uploaded:

mkdir -p ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
rm ~/id_rsa.pub

Now make sure permissions are set properly for all necessary files and directories:

chmod go-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If everything is configured properly, you should be able to access your DreamHost account through SSH without a password now!
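The "By hand" steps above can be wrapped in a small script. This is an added example, not part of the original page: the function names, the scratch directory and the key line are constructed for illustration, and it adds two checks the steps leave out (refusing a file that is not a one-line public key, and not appending the same key twice).

```shell
#!/bin/sh
# Added example (not from the original page). Paths are passed in so the
# functions can be tried on a scratch directory before a real account.

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to HOME_DIR/.ssh/authorized_keys once, then sets the
# permissions from the steps above. Returns 1 if the file is not a
# one-line public key (for example, a private key uploaded by mistake).
install_pubkey() {
    home_dir=$1
    [ "$(wc -l < "$2")" -le 1 ] || return 1
    key_line=$(cat "$2")
    case $key_line in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac
    mkdir -p "$home_dir/.ssh"
    touch "$home_dir/.ssh/authorized_keys"
    # -x whole line, -F literal text: skip the append if already present.
    grep -qxF -- "$key_line" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key_line" >> "$home_dir/.ssh/authorized_keys"
    chmod go-w "$home_dir"
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$home_dir/.ssh/authorized_keys"
}

# audit_ssh_perms HOME_DIR
# Prints every path that group or others can write to and returns 1 if
# there is one. OpenSSH's sshd, with its default StrictModes setting,
# refuses to use authorized_keys in that case.
audit_ssh_perms() {
    loose=$(find "$1" "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        printf 'writable by group or others:\n%s\n' "$loose"
        return 1
    fi
}

# Demo on a scratch directory with a constructed (not real) key line.
scratch=$(mktemp -d)
mkdir "$scratch/home"
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDEXAMPLE user@laptop' > "$scratch/id_rsa.pub"
install_pubkey "$scratch/home" "$scratch/id_rsa.pub"
install_pubkey "$scratch/home" "$scratch/id_rsa.pub"   # second run adds nothing
audit_ssh_perms "$scratch/home" && echo "permissions OK"
```

If key login still prompts for a password after the steps above, running the audit function against your home directory on the server is a quick first check.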

For more information, see the man pages for ssh, ssh-keygen, ssh-copy-id, and sshd. “Getting started with SSH” is a step-by-step tutorial which you may find helpful.

Single Password Logon

For the security minded, when you run ssh-keygen -t rsa it asks for a passphrase. If you provide one, you will be asked for it in the future. Add the following lines to your .bash_profile or .profile. It will only ask you for the passphrase once per logon session on the local machine, and subsequent SSH connections will be 'free'.

Please note: The above block only starts the ssh-agent; it will not use a key or store the passphrase until you type

ssh-add ~/.ssh/id_rsa

You will then be prompted for the passphrase, which will be remembered for the rest of your session.
I just added the line above to the block within my .bash_profile. That way when I first open my cygwin console I am asked for the password, but never again!

Save both the public and the private key somewhere on your computer where you can find them (named key.pub and key.ppk, for instance)

Upload the public key to your DreamHost home directory. After you've generated the key and copied it to the server, you'll need to import and append the key to authorized_keys with the following command. Use >> instead of > to append to the file instead of overwriting the contents. (If the directory ~/.ssh does not already exist, use an FTP program, such as FileZilla, to create it. Make sure to enable FileZilla to show hidden files (Server > Force showing hidden files).)

Now the keys sit on the server (protected from access by others), you can log out, and start PuTTY. Make a new connection:

In Connection/Data, add your DreamHost username

Connection/SSH/Auth, browse to your private key file (key.ppk)

Go back to Sessions, give your DreamHost machine host name (abc.dreamhost.com), name the session, and click Save to save it

Now, we are going to tell Pageant to authenticate automatically. The PuTTY manual says: "Pageant is an SSH authentication agent. It holds your private keys in memory, already decoded, so that you can use them often without needing to type a passphrase." Fire up Pageant, and:

Click Add Key

Select your private key file

Now you can double-click the new PuTTY entry to log in, and since Pageant authenticates you in the background, you'll see something like:

Common Tasks in SSH

I won't pretend to be an expert, but I thought I'd save the next person the grief of going through the dramas again. Those who are not entirely comfortable with the *nix world may be a bit intimidated by the 'features' of DreamHost ;) Hopefully this will be of help to someone.

With a combination of your favourite FTP client, any tool that can create ZIP files, and PuTTY, you can upload your entire site in ZIP format and decompress it using PuTTY. I'm writing this from a Windows mindset but this will also work with other OSs using comparable tools.

First, ZIP up your site, maintaining the directory structure you want, and FTP it to the directory (the sub/domain you've set up in panel) you want the site decompressed to. Using a GUI FTP client so you can see the structure I find to be the easiest. So you don't get lost, keep the FTP client window open to use as a road map.

Now run PuTTY, enter the domain and use your FTP login and password to get in.

You will now have the [server]$ prompt, with [server] being the name of your server, e.g. [goober]$.
Now type the following.

[server]$ ls

You should see a list of your directory/sub/domains.

Now type

[server]$ cd subdomain.name.com

to [C]hange [D]irectory, except obviously use the name of the directory you want rather than 'subdomain.name.com' :P

Now do...

[server]$ ls

again. You should see the name of the ZIP file you uploaded

[server]$ ls
filename.zip

Type

[server]$ unzip filename.zip

(again, use your OWN file name)

The cursor will drop to the next line and depending on how many files are in the zip, it might take a while to pop up the [server]$ prompt again. Be patient. When it does you will have all your files beautifully decompressed, exactly where you want them ;)

You can use your FTP client to check.

Just as a note: depending on what you have done prior to this you might get some warnings. I'll leave these to your creativity. Use your noodle. Try typing unzip -h to get the list of switches. Hopefully you'll get around it.

Good Luck and Enjoy!

Check if your files are correctly uploaded (check for file integrity)

If you have to upload some large files to the server you might want to check they are correctly uploaded with no errors. To do that, just create an MD5 file and upload it to the server, in the same folder as the files you want to check (an MD5 file is a plain text file that contains checksums of your files so their integrity can be verified afterwards; to create it you can use any MD5 tool, like wxChecksums).

Once you have your MD5 file uploaded, go to your directory with "cd":

cd xxxxxxx.yourdomain.com/yourdirectory

Then type this to verify all files with the uploaded MD5:

md5sum -c yourfile.md5

After a few seconds, you'll start seeing a list of the files with an "OK" mark at the end of each line if the file is correct, or "FAILED" if the file is not correct (the upload went wrong).

-- OMA
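The whole round trip described above (build the MD5 file locally, upload, verify on the server) is shown here as an added example that is not part of the original post. The function names, file names and file contents are constructed, and it assumes md5sum from GNU coreutils; the "upload" is a local copy in which one file has been cut short.

```shell
#!/bin/sh
# Added example (not from the original page); needs md5sum from coreutils.

# make_manifest DIR NAME
# Run on the local copy before uploading: writes DIR/NAME with one
# checksum line per file under DIR (the manifest itself is skipped).
make_manifest() {
    tmp=$(mktemp)
    ( cd "$1" && find . -type f ! -name "$2" -exec md5sum {} + ) > "$tmp" &&
        mv "$tmp" "$1/$2"
}

# failed_files DIR NAME
# Run on the server after uploading: prints the name of each file whose
# checksum does not match, or that is missing. Empty output means all OK.
# LC_ALL=C keeps the "FAILED" marker untranslated so sed can match it.
failed_files() {
    ( cd "$1" && LC_ALL=C md5sum -c "$2" 2>/dev/null |
        sed -n 's/: FAILED.*$//p' )
}

# Demo with constructed files: "upload" is a copy in which one file was
# cut short, as happens when a transfer is interrupted.
src=$(mktemp -d); upload=$(mktemp -d)
printf 'video data, 1st half. video data, 2nd half.\n' > "$src/movie.avi"
printf 'photo archive contents\n' > "$src/photos.zip"
make_manifest "$src" files.md5
cp "$src"/* "$upload"/
printf 'video data, 1st half.' > "$upload/movie.avi"
echo "failed: $(failed_files "$upload" files.md5)"
```

A checksum file that travels with the data catches transfer errors only; anyone able to change the files on the server can change the MD5 file as well, so keep the original manifest locally if tampering is a concern.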

ZIP All Files In A Folder

Let's imagine that you have a Folder named "Images" and that you want all the files and subfolders and files within subfolders to be zipped up in a single file for whatever purpose.

zip -r images_backup Images

This will create a file named "images_backup.zip" in the current folder containing everything that was in the "Images" folder.

You can use the maximum compression setting in tandem with this by using:

zip -9 -r images_backup Images

Troubleshooting

Directory/filenames which contain non-English/Asian characters show up as ?????? or are corrupt

If you have problems with your filenames not showing up correctly, which would also prevent you from creating new files/directories with their correct names via shell, then you will want to add the following to your .bash_profile file to enable UTF support:

Server unexpectedly closed network connection

If you get this error when attempting to SSH (or SFTP/SCP), this can mean your IP has been blocked due to an excessive number of failed login attempts. You will get no notice that this has happened. Contact support and they will remove the block and whitelist your IP address. If you don't know your IP, visit whatismyipaddress.com.

[User] is not in the sudoers group.

DreamHost does not allow sudo access on shared servers for security purposes, so the sudo command is not available. While many tasks can be accomplished without the use of sudo, if you do need sudo access, you may wish to check out DreamHost PS, where you get full root access!

Idle connections are getting dropped

DreamHost and other ISPs may kill ssh connections that remain idle longer than a certain number of minutes. The fix is simple: set up keep-alive by editing /etc/ssh/ssh_config or ~/.ssh/config and adding this:

Host *
ServerAliveInterval 15
ServerAliveCountMax 4

Now the ssh client will ask the server for a sign of life every 15 seconds thus keeping the connection open. As an added bonus, if the server fails to respond 4 times in a row the client gives up and closes the connection itself.